<?PHP
	$acList[-1] = 'None';
	$acList[1] = 'Lemming';
	$acList[2] = 'Officer';
	$acList[3] = 'Director';
	$acList[4] = 'Dev';
	$acList[5] = 'Admin';
	$recruitment = addslashes($_POST['Recruitment']);
	$snowflake = addslashes($_POST['Snowflake']);
	$inventory = addslashes($_POST['Inventory']);
	$restricted = addslashes($_POST['Restricted']);
	//$result = mysql_query("SELECT snowflake,recruitment,inventory FROM userinfo WHERE userid = '".addslashes($_SESSION['userid'])."'");
	//$row = mysql_fetch_array($result);
	$changer = getAcc('recruitment',$userid);
        //showing the changes made to the user's access
        if(!empty($recruitment) || !empty($snowflake) || !empty($inventory) || !empty($restricted))
	{
		$overall = $recruitment;
		if($overall < $snowflake)
			$overall = $snowflake;
		if($overall < $inventory)
			$overall = $inventory;
		if($overall < $restricted)
			$overall = $restricted;
                $result = mysql_query("SELECT name,snowflake,recruitment,inventory,restricted FROM userinfo WHERE userid = '".addslashes($_POST["access"])."'");
		$row = mysql_fetch_array($result);
		if($snowflake == 5 && $recruitment == 5 && $inventory == 5  && $changer != 5)
			echo("You cannot create admins");
		else if($row[1] != 5 && $row[2] != 5 && $row[3] != 5)
                {
                        mysql_query("UPDATE userinfo SET snowflake = '".$snowflake."',recruitment = '".$recruitment."',inventory = '".$inventory."',overall = '".$overall."',restricted = '".$restricted."' WHERE userid = '".addslashes($_POST["access"])."'") or die(mysql_error());
                        echo($row[0]."'s access successfully changed to ".$acList[$snowflake].", ".$acList[$recruitment].", ".$acList[$inventory].", ".$acList[$restricted]."<br />");
                }
                else
                {
                        echo($row[0]."'s access cannot be changed<br />");
                }
        }
        //showing the user access for admins
        if(empty($_POST["access"]) || !empty($snowflake) || !empty($recruitment) || !empty($inventory) || !empty($restricted))
	{
		//deleting a user
		if(!empty($_POST['delete']))
		{
			$result1 = mysql_query("SELECT overall, name FROM userinfo WHERE userid = '".addslashes($_POST['delete'])."'");
			$row1 = mysql_fetch_array($result1);
			if($changer == 5 && $row1[0] == -1)
			{
				mysql_query("DELETE FROM userinfo WHERE userid = '".addslashes($_POST['delete'])."'");
				echo($row1[1]." has been successfully removed<br />");
			}
			else
				echo("You cannot delete ranked members<br />");
		}
                $result = mysql_query("SELECT userid,name,overall FROM userinfo ORDER BY overall, name");
		echo("<br /><tr><td class = 'center' style = 'font-weight:bold;font-size:18px;'>Member Access: </td></tr>
                        <form name = 'list' action = 'index2.php?page=access' method = 'post'>
                        <tr><td class = 'center'><br />");
                while($row = mysql_fetch_array($result))
		{
			$highest = $row['overall'];

			if($highest == -1) $color = '#2AC402';
			else if($highest == 1) $color = '#00F6FF';
			else if($highest == 2) $color = '#FF9600';
			else if($highest == 3) $color = '#CCFF00';
			else if($highest == 4) $color = '#FF0000';
			else $color = '#0072FF';
                        //echo("<div class = 'button'>".$row[1]."'s access:  ".$row[2]."
			echo("<div style = 'text-align:right;float:none;color: ".$color.";'>".$row[1]."'s access:  ".$acList[$highest]."
				<button type='submit' value='".$row[0]."' name = 'access'>Select User</button>");
			if($changer == 5 )//&& $row[2] == 'lemming')
				echo("<button type = 'submit' value = '".$row[0]."' name = 'delete'>Delete User</button>");
			/*else
				//this sucks so bad
				echo("&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
				&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
				&nbsp;&nbsp;&nbsp;&nbsp;");*/
			echo("</div>");
                	//echo("<tr><td class = 'center'>".$row[1]."'s access:  ".$row[2]."
			//	<button type='submit' value='".$row[0]."' name = 'access'>Select User</button></td></tr>");
		}
                echo("  </td></tr>
                        </form>");
        }
        //allowing the admin to edit a user's access
        if(!empty($_POST["access"]) && empty($_POST['sent']))
        {
                $result = mysql_query("SELECT name,snowflake,recruitment,inventory,restricted  FROM userinfo WHERE userid = '".addslashes($_POST["access"])."'");
                $row = mysql_fetch_array($result);
		echo("<br /><tr><td class = 'center' style = 'font-weight:bold;'>".$row[0]."</td></tr>
			<form action = 'index2.php?page=access' method = 'post'>");
			for($i = 0; $i < 4; $i++)
			{
				if($i == 0)
					$pagename = 'Snowflake';
				else if($i == 1)
					$pagename = 'Recruitment';
				else if($i == 2)
					$pagename = 'Inventory';
				else
					$pagename = 'Restricted';
				echo("
							<tr><td>
							".$pagename." access: ".$acList[$row[$i+1]]."
								<select name = '".$pagename."'>");
							if($row[$i+1] == -1)
								echo("<option value = '-1' selected='selected'>None</option>");
							else
								echo("<option value = '-1'>None</option>");
							if($row[$i+1] == 1)
								echo("<option value = '1' selected='selected'>Lemming</option>");
							else
								echo("<option value = '1'>Lemming</option>");
							if($row[$i+1] == 4)
								echo("<option value = '4' selected='selected'>Developer</option>");
							else
								echo("<option value = '4'>Developer</option>");
							if($row[$i+1] == 2)
								echo("<option value = '2' selected='selected'>Officer</option>");
							else
								echo("<option value = '2'>Officer</option>");
							if($row[$i+1] == 3)
								echo("<option value = '3' selected='selected'>Director</option>");
							else
								echo("<option value = '3'>Director</option>");
							if($row[$i+1] == 5)
								echo("<option value = '5' selected='selected'>Admin</option>");
							else
								echo("<option value = '5'>Admin</option>");
							echo("</select>
								<input type = 'hidden' value = '".$_POST["access"]."' name = 'access' />
								<input type = 'hidden' value = '1' name = 'sent' />
								</td></tr>");
			}
			echo("
				<tr><td>
				<input type='submit' value='Change Access' />
				</form>
				</td></tr>");
        }
?>
